Thinking About File Security in Light of the Kappa Sushi and Hama Sushi Trade Secret Misappropriation Case

hiro March 6, 2024

On February 26, 2024, the Tokyo District Court convicted Kappa Sushi of violating the Unfair Competition Prevention Act (trade secret infringement) for its fraudulent use of Hama Sushi’s trade secrets. The incident occurred in 2020, when a former executive who had moved from Hama Sushi to Kappa Sushi obtained a file containing trade secret data, such as product costs, from a former subordinate at Hama Sushi. The data was given to Mr. Otomo, who was the head of the product planning department of Kappa Sushi, and Kappa Sushi unfairly gained an advantage in competing with Hama Sushi. The case has attracted attention as an example of trade secret leakage at the time of a job change, which has been increasing in recent years, and both the company that manages Kappa Sushi, as a corporate entity, and the individuals involved have been convicted. The incident raises concerns not only about declining corporate ethics but also about data security.


First of all, Kappa Sushi and Otomo argued that the information in question was not properly protected and was therefore not a trade secret in the first place, and that they were not guilty. However, the court found that the data was “technical or business information useful for Hama Sushi’s business activities” and therefore constituted a trade secret under the Non-Competition Act. The court criticized Kappa, saying, “It hinders fair competition among operators, and the impact cannot be underestimated considering the size of the company.” Still, the defendants’ argument that data which is not sufficiently secured can be interpreted as not being a trade secret deserves attention. According to some reports, the file was sent by e-mail to the former executive by a subordinate and then copied onto a USB from a file-sharing service. In other words, it is questionable whether data security was working sufficiently.

There are two main types of data security. First, there are various measures to restrict access to critical data. This means that data cannot be accessed by unauthorized persons. However, in this case, the subordinate with access authority gave the file to the former executive, who then took the file and leaked it to manager Otomo of Kappa Sushi. In other words, access restrictions alone could not have prevented this incident.

Another type of data security is to encrypt the files themselves so that only authorized users can open them. These security measures, including information rights management (IRM), ensure that even if a file is illegally leaked, the recipient will not be able to see the contents. In this case, if file security had been applied, the former executive and employees of Kappa Sushi would not have been able to see the contents of the file. Therefore, it is thought that Hama Sushi did not apply file security even though access was restricted.
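A minimal model of the file-level protection described above, as an added example that is not from the original article or from any product: the names `PolicyServer`, `protect`, `release_key` and `open_file`, the user IDs and the sample sheet are assumptions, and the HMAC-based cipher is a standard-library stand-in for a vetted AEAD such as AES-GCM. The file that travels by e-mail or USB holds only ciphertext, and the key is released per open, per user.

```python
import hashlib, hmac, secrets

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 in counter mode) so this runs on the standard
    # library alone; a real deployment would use a vetted AEAD such as AES-GCM.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class PolicyServer:
    """Hypothetical IRM policy server: keeps file keys and the list of who may open."""
    def __init__(self):
        self._keys, self._acl = {}, {}

    def protect(self, plaintext, allowed):
        file_id, key, nonce = secrets.token_hex(8), secrets.token_bytes(32), secrets.token_bytes(16)
        self._keys[file_id], self._acl[file_id] = key, set(allowed)
        ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
        tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
        return {"file_id": file_id, "nonce": nonce, "ct": ct, "tag": tag}  # key stays on server

    def revoke(self, file_id, user):
        self._acl[file_id].discard(user)

    def release_key(self, file_id, user):
        # Evaluated on every open, so it applies to copies on e-mail or USB too.
        if user not in self._acl.get(file_id, ()):
            raise PermissionError(f"{user} is not authorized for {file_id}")
        return self._keys[file_id]

def open_file(server, blob, user):
    key = server.release_key(blob["file_id"], user)
    tag = hmac.new(_subkey(key, b"mac"), blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise ValueError("protected file was modified")
    return _xor_stream(_subkey(key, b"enc"), blob["nonce"], blob["ct"])

# Constructed sample data and user IDs, for illustration only.
SHEET = b"item,cost_jpy\nsample-item-a,1\nsample-item-b,2\n"
server = PolicyServer()
blob = server.protect(SHEET, allowed={"employee@owner.example"})
leaked_copy = dict(blob)  # what travels by e-mail or USB: ciphertext only
```

Revoking a departing user with `server.revoke(...)` also cuts off copies that person already holds, which access restrictions on the original storage location cannot do.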

At a time when changing jobs is an indispensable part of a company’s human resources strategy, there is a risk that such incidents will recur many times in the future. It is no exaggeration to say that companies must face this reality and protect their confidential information by utilizing both access restrictions and file security in order to survive in the face of fierce competition.